Engineering privacy: are vehicle manufacturers ready for a data-driven world?

A new report from the BearingPoint Institute explores the many issues surrounding data privacy in the age of the connected car and makes five recommendations for connected car manufacturers and other related members of the ecosystem. The study “Solving privacy for connected cars” emphasizes that in this complex environment, manufacturers have failed to give data privacy enough priority.

An example comes from last year, when a European motoring organization discovered that large amounts of data were being captured by the on-board diagnostics (OBD) system of a car, including driving destinations and phone contacts, without the permission of the user. Today, such data is starting to be transmitted wirelessly – and the amount of data being captured is growing by the day. Addressing the privacy implications and the legal consequences of these developments is imperative.

The interconnections between a connected car with pedestrians, infrastructure and other cars, and how data flows across them require very complex systems. Beside the difficulty of designing and developing these systems used for connected cars are the legal implications: original equipment manufacturers (OEMs) stand to bear the brunt of liability costs as well as resulting reputational damage, so a holistic privacy framework is a necessity.

As cars move to 5G connectivity, OEM’s have the opportunity to send and receive huge volumes of data around the clock. Handling these volumes and consumer concerns of how it is being used, stored and shared are the challenges facing connected car OEMs today and in the future. The Holy Grail is a strategy that addresses privacy holistically and transparently. Reaching this stage will not be a simple process, but it is manageable.

Sarah-Jayne Williams, Partner at BearingPoint and author of the study

The report identified five primary recommendations for how OEMs should address the key issues surrounding data privacy:

• Make privacy an integral part of an OEM’s vision, and a core component of the company culture. Board-level commitment and a dedicated data privacy officer are important steps to take.
• Adopt Privacy by Design (PbD) into engineering processes. Clear communication channels are essential, as is managing customer expectations and rigorous training such that OEMs can hold themselves to the standards of privacy leaders such as Apple and Facebook.
• Rethink the legal approach. OEM legal teams must become advocates for customer privacy in the new environment of PbD – a drastic change in both culture and scope.
• Keep watch for changing privacy regulation. Privacy legislation is evolving all the time: every region of the world, if not every country, has its own unique data protection rules.
• Make privacy a core tenet of the brand, which means developing a friendly, informative privacy policy and set of terms and conditions for consumers.

The report emphasizes the importance for OEMs of seeking, finding and implementing approaches to data privacy in the era of the connected car. Foremost is the need for board-level commitment and the consequent investment in staff, training and culture to use Privacy by Design to make privacy a core tenet of the brand.

About the research

To read the full report, please download the BearingPoint Institute paper “Solving privacy for connected cars,” which can be found at http://inst.be/008VCD.